<?php
session_start();
require_once('m_ajax.php');
global $auth_session;

if(empty($_POST['function'])){
		$uname = $_POST['user_name'];
		$pwd = md5($_POST['user_password']);

		$sql ="select * from user where user_name = '$uname'";
		$result =  mysql_query($sql);
		$row = mysql_fetch_array($result);

		if(empty($row))
		{
			$data['message'] = "user does not exist";
			$data['success'] = 0;
		}
		else
		{
			$sql ="select * from user where user_name = '$uname' and user_password='$pwd'";
			$result =  mysql_query($sql);
			$row = mysql_fetch_array($result);
			if(empty($row))
			{
				$data['message'] = "wrong password";
				$data['success'] = 0;
				if(!empty($_POST['login-form']))
				{
					header("location:../signup?login=1&success=0");
				}
			}
			else
			{
				$data['message'] = "login successful";
				$data['success'] = 1;
				$_SESSION['user_id'] = $row['user_id'];
				$_SESSION['user_name'] = $row['user_name'];
				$_SESSION['user_level'] = $row['user_level'];
				if(!empty($_POST['login-form']))
				{
					header("location:../signup?login=1&success=1");
				}
			}
		}
}
else
{
		unset($_SESSION['user_id']);
		unset($_SESSION['user_level']);
		$_SESSION['user_name']="Guest";
		$data['logout'] = 1;
}

echo json_encode($data);
?>